Analytics, BI and support
Accounting and finance softwares
Features
- Accounting activities
- Project management
- Software development
Benefits
- Effective project management
- Quick and easy software development etc
Pricing
£100 to £2,500 a person
- Education pricing available
- Free trial available
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at rajeev.kumar@heraclitusglobal.com.
Tell them what format you need. It will help if you say what assistive technology you use.
Framework
G-Cloud 11
Service ID
2 1 3 4 9 0 4 6 4 7 8 4 3 1 7
Contact
Heraclitus Global Ltd
Rajeev Kumar
Telephone: 07581063508
Email: rajeev.kumar@heraclitusglobal.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
-
- Public cloud
- Private cloud
- Hybrid cloud
- Service constraints
- N/A
- System requirements
- Windows/Android/Linux
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- 24x7
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AAA
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Web chat
- Web chat support availability
- 24 hours, 7 days a week
- Web chat support accessibility standard
- WCAG 2.1 AAA
- Web chat accessibility testing
- User acceptance testing done with real users
- Onsite support
- Yes, at extra cost
- Support levels
- All types of support available based on requirement
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Onsite training, online training and documentation.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- Export data
- End-of-contract process
- Additional cost depends on number of non-core features
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Chrome
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- None
- Service interface
- No
- API
- No
- Customisation available
- Yes
- Description of customisation
- Depending on requirement, features can be customised
Scaling
- Independence of resources
- Scaling based on usage
Analytics
- Service usage metrics
- No
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2012
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- Never
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Physical access control, complying with another standard
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- Export functionality available
- Data export formats
-
- CSV
- ODF
- Data import formats
-
- CSV
- ODF
Data-in-transit protection
- Data protection between buyer and supplier networks
- Private network or public sector network
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- SLA for each service/feature
- Approach to resilience
- Available on request
- Outage reporting
- Email alerts
Identity and authentication
- User authentication needed
- No
- Access restrictions in management interfaces and support channels
-
IAM provides user access control to AWS services, APIs and specific resources. Other controls include time, originating IP address, SSL use, and whether users authenticated via MFA devices.
API calls to launch/terminate instances, change firewalls, and perform other functions are signed by customers’ Amazon Secret Access Key (either the root AWS Account’s Secret Access Key or the Secret Access key of a user created with AWS IAM). Amazon EC2 API calls cannot be made on customers’ behalf without access to customers’ Secret Access Ke.
API calls can be encrypted with TLS/SSL for confidentiality and customers can use TLS/SSL-protected API endpoints. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
- 2-factor authentication
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- Other
- Other security governance standards
- Private security certification
- Information security policies and processes
- Policies and Framework document owned by Security officer
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- Formal Change Board and Change management process is followed
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
AWS Security performs vulnerability scans on the host operating system, web applications, and databases in the AWS environment. Approved 3rd party vendors conduct external assessments (minimum frequency: quarterly). Identified vulnerabilities are monitored and evaluated. Countermeasures are designed and implemented to neutralise known/newly identified vulnerabilities.
AWS Security monitors newsfeeds/vendor sites for patches and receives customer intelligence via http://aws.amazon.com/security/vulnerability-reporting/.
AWS customers are responsible for all scanning, penetration testing, file integrity monitoring and intrusion detection for their Amazon EC2 and Amazon ECS instances/ applications. Scans should include customer IP addresses (not AWS endpoints). AWS endpoint testing is part of AWS compliance vulnerability scans. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
AWS deploys (pan-environmental) monitoring devices to collect information on unauthorized intrusion attempts, usage abuse, and network/application bandwidth usage. Devices monitor:
• Port scanning attacks
• Usage (CPU, processes, disk utilization, swap rates, software-error generated losses)
• Application metrics
• Unauthorized connection attempts
Near real-time alerts flag potential compromise incidents, based on AWS Service/Security Team- set thresholds.
Requests to AWS KMS are logged via the account’s CloudTrail S3 bucket. Logs provide request information, under which CMK, and identify the AWS resource protected through the CMK use. Log events are visible to the customer after turning on AWS CloudTrail in their account. - Incident management type
- Supplier-defined controls
- Incident management approach
-
AWS adopts a three-phased approach to manage incidents:
1. Activation and Notification Phase
2. Recovery Phase
3. Reconstitution Phase
To ensure the effectiveness of the AWS Incident Management plan, AWS conducts incident response testing, providing excellent coverage for the discovery of defects and failure modes as well as testing the systems for potential customer impact.
The Incident Response Test Plan is executed annually, in conjunction with the Incident Response plan. It includes multiple scenarios, potential vectors of attack, the inclusion of the systems integrator in reporting and coordination and varying reporting/detection avenues.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- No
Pricing
- Price
- £100 to £2,500 a person
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- Core features
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at rajeev.kumar@heraclitusglobal.com.
Tell them what format you need. It will help if you say what assistive technology you use.